Embodiments of the present invention generally relate to handling information related to financial transactions. More specifically, embodiments of the present invention relate to methods and systems for providing multi-factor authentication of e-commerce transactions while preventing exposure of private information.
E-commerce transactions, such as those conducted online between a consumer and a merchant, for example through the merchant's website, are one example of card-not-present transactions. Generally speaking, a card-not-present transaction is any transaction where presentation or use of a physical card, e.g., swiping of a card including a magnetic stripe encoding account and/or other information, is not possible, practical, or desirable. Such transactions are currently conducted using the consumer's true PAN (Primary Account Number), i.e., the account number embossed on the face of the card. For example, in an e-commerce transaction, the consumer enters and submits the true PAN to a merchant through a “checkout” page of the merchant's website.
However, e-commerce or other types of card-not-present transactions utilizing the true PAN of the purchaser/payor or other party to the transaction raise a number of security concerns. These concerns include possible man-in-the-middle attacks, sniffing of transmission packets, and attacks on merchant or other systems involved in the transaction. Hence, there is a need in the art for improved methods and systems for processing of card-not-present transactions.